Calling SecurityOrigin::databaseIdentifier on LocalStorage's background thread is not safe. databaseIdentifier does a bunch of string concatenation which ref-counts StringImpls in some cases. This was caught by valgrind thread sanitizer: http://code.google.com/p/chromium/issues/detail?id=25645 There's no way to test for such raciness, unfortunately.
Created attachment 42537: Patch
Committed r50557: <http://trac.webkit.org/changeset/50557>